from the nothing-to-hide,-everything-to-fear dept

Once again, someone's suggesting the best way to combat the spread of terrorist-related communications online is to make the tech companies do it, have them foot the bill, and do it all without being legislated into submission or making impudent comments like "That's not how any of this works."

Traveling beyond the groundwork of "necessary hashtags" and constant threats to bludgeon tech companies into mandatory, worldwide speech policing, the UK's independent reviewer of terrorism laws -- former key terrorism prosecutor Max Hill QC -- suggests the better route lies not through legislation, but through some sort of tech wizardry.

[C]ooperation with tech giants such as Google and Facebook offered the best way forward, including the potential introduction of “verification” checks on social media users.

“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.

“If the technology would permit that sort of perusal, identification and verification, prior to posting that would form a very good solution… and would not involve wholesale infringement on free speech use of the internet.

“I’m talking about a nano-second.”

Yes, Hill is calling for encryption to be withheld from anonymous or pseudonymous users -- often the very users (dissidents, journalists, whistleblowers) for whom the added protection is key to survival. This pitch takes "nothing to hide/nothing to fear" to its illogical extremes, suggesting protected communications be limited to those who have made their personal information available to tech companies -- who then, in turn, can be forced to hand it over to various governments with a minimum of paperwork.

Hill is correct -- beating tech companies over the head with broadly-written legislative sledgehammers is unlikely to end well. But his "fix" isn't any better. In fact, the thing he thinks can be done in a "nano-second" may not even be possible. And that's by his own admission.

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

Something everyone can agree on -- "independent" or not -- is that tech companies should pay for whatever measures they're being forced to undertake for the government.

He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”

So, let's attempt to add this all up:

Hill thinks "sledgehammer legislation" would backfire. He also thinks tech companies should be able to flip switches somewhere to encrypt/decrypt communications as needed (million-dollar switches perhaps, but "recycle" those "profits!"). He also concedes no one has said these "nano-second" switch flips are actually possible. Finally, he believes tech companies will implement these measures and pay for them without being forced to by "sledgehammer legislation."

Hill has assembled a handful of logical flaws and presented them as a plan -- one whose impossibilities can be surmounted if everyone involved just talks about it for awhile. These are the words of a former prosecutor who has mistaken daydreaming out loud with acting as an independent overseer of terrorism-related legislation.

Reader Comments

I have a better idea. Why don't we acknowledge that 100% crime prevention is impossible anyway and that shit happens and then start dealing with what is actually causing such extremism by teaching tolerance in the schools, weeding out bigotry from the government, police, legislative, courts? Ah, it's easier to advocate for a mythical, magical solve all switch. Ok, carry on.

The escalation of extremism everywhere, from white supremacists and Jesus followers in the West, through radical Muslims in the middle-east to lunatic tyrants in Asia we humanity are ripe for mutual assured destruction.

Re: Re:

This of course but if you focus on providing welfare to the masses with good public health, education and justice you are already a long way into fixing this issue. I'm not against billionaires, I'm against them existing while there are people in total misery. If everybody has the minimum to live with dignity then by all means go buy your yachts and planes.

Re: Re: Re:

It is in their best interests, long term, but they do not think long term. The wealthy need to wake the hell up and smell the disaster they are creating, it will impact them no matter how strong their bomb proof fortress is - this is quite obvious to many - but not them.

Re: Re: Re: Re: Re: Re:

I think what he means is that to "the rest of the world" wealthy means having: so much food you could actually throw some of it away; a car; electricity that actually works all the time; hot and cold running water (or even just reliable clean water); medicine when you need it. And so on.

Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re: Re: Re: Re:

I don't know about that - if I can be so bold as to risk putting words in his mouth, I think his point is that it's not just the yacht crowd that is building up a disaster for themselves, but more or less the entire developed world. And that seems relevant. I don't know that he's right, though.

Re: Re: Re: Re:

You've missed his point. If there are people that are that rich, there's clearly enough resources to go around so that there could be no one in abject poverty.

Like he said, he's not against there being billionaires, only against there being billionaires while there are people in abject poverty. Some one making a lot of money doesn't necessarily make others poor, but making some one less rich could make some one else less poor.

Re: Re: Re: Re:

Because most rich people got that way through their own hard work, right? And the harder you work, the richer you get, right? Hardly. Most of the wealth added to the economy is done by those who will never be wealthy themselves. Most rich people were born that way and stay that way by finding ways to channel the wealth created by others to themselves.

Re: Re: Re: Re:

Perhaps, but then sometimes it does work exactly like that.For example why do you think there are so many employers who oppose providing their employees with a living wage in return for 40 hr work week? It's bad enough they do not provide any benefits and push their work on demand bullshit but then they expect others to cover their deficiencies via food stamps and welfare. Corporate subsidy needs to stop. They wag their fingers at the less fortunate with the "personal responsibility" demand while shirking their own - many people are getting tired of paying for these corporate slackers while they claim to be "good citizens" and looking out for your well being, what a crock.

Re: Re:

Re:

Agreed.

Extremism / radicalization is spreading so efficiently because we don't recognize their root causes. We recognize causes that are immediately adjacent to manifestations that we consider important; like terrorism. By the time is gets that bad allowable responses have deteriorated and narrowed into "war responses". This is true in many, MANY domains not just international relations.

The big names, like Terrorism, "suck all the oxygen out of the room". The fabric of our collective lives is the real monster that gives birth to these relatively baby monsters.

Re:

His remarks already give away his hate for anonymity so Force him to give up encryption for life now. No phone encryption, email or even HTTPS. People who attack freedom do not deserve to be protected by it.

Tech companies are not & should not be placed in a position to decide if someone is a "Good Guy™".Tech companies should not foot the bill to do bullshit feel good but worthless programs.

The problem isn't the technology but the billions of dollars brain-trusts like yourself have demanded be poured into programs that are modern day phrenology, expecting untested unproven "science" of an eye twitch will unmask terrorists.

The world can not be 100% safe. Stop telling people they can be 100% safe. Unless they are willing to surrender all rights & human contact & be sealed in their own personal cells it ain't happening.

The battle cry of "Tech should fix this!!!" is nice soundbite fodder, but how are they supposed to do what the billions you paid the phrenologists weren't able to do?

You are not serious in these attempts, this is PR spin to make sure people are pissed at tech instead of the impotent leaders who just want everyone, but them, monitored in real time 24-7 by invasive systems that can and will be abused by those with power.

Orwell would be pleased you read his book, he is rolling in his grave that you've all taken it as a blueprint to make the world better. Unity through Faith, Faith through Unity and lets just ignore the fingermen raping & beating girls because they have a badge that says "good guy™".

It was a warning, but the leaders are completely blind to what is coming as they strip away each bit of rights that supposedly make us free countries and we slide into the abyss of Big Brother telling us it isn't raining as we stand in the rain soaked to the bone... but no one will say it is raining to avoid the reeducation camps.

>including the potential introduction of “verification” checks on social media users.

Just how does a company identify a user, when the create an account, and every time they use such an account? It is not unknown for people in the UK to have multiple identities for social benefits, and they have to interact with humans to verify their identity.

Re:

Just how does a company identify a user...

Not easily. For example, even the FBI counter espionage unit has in the past been infiltrated by the very foreign spies it was supposed to be hunting because it failed to identify them as such, despite having virtually unlimited resources for doing so.

Get ready for password sharing to be a prosecuted under anti-terror legislation

I'm a developer, and maybe that has jaded my thinking about issues and problems... I would have thought that lawyers would have had the same rationale as me, but I'm starting to think they are the yin to our yang.The more I think about it... developers try to close all loop holes and lawyers try to create as many as possible.

We try and create a solution that works for the largest amounts of use cases with the smallest amount of effort. In cases like this; where you are looking for a zero-tolerance policy (absolutely no terrorists/anonymous interactions) then you are setting yourself up for complete and utter failure...

When a workaround is as simple as sharing a password, STEALING a password, or using an open protocol (*gasp!*)... you have failed even the most rudimentary of protections... of course then you have to create an anti-terror law to fix this 'edge case'. etc. etc. etc.

'You are allowed to wear a mask only after you put on your name-tag.'

“A discussion I have had with some of the tech companies is whether it is possible to withhold encryption pending positive identification of the internet user,” said Mr Hill.

Translation: "People should only be allowed 'anonymity' after they've been identified."

Another not-so-hidden trick here is that if encryption can be toggled on it can just as easily be toggled off, so chalk this up to yet another attempt at conning/forcing companies to offer broken-by-design 'encryption.'

Mr Hill conceded that experts were divided as to whether such checks were feasible but that it was a debate “worth having”.

It would be curious as to what 'experts' think that such checks are feasible, because I can't help but suspect most or even all of those 'experts' have no actual expertise in the field of encryption.

I also can't help but suspect that, similar to those in the US who call for 'discussions' and 'conversations' regarding this sort of thing that he's not interested in any 'debate' that doesn't start and end with something along the liens of "Why yes, you are absolutely right, we'll get right on that on our time and our dime."

He added: “The vast sums of money that tech companies generate … means that we should all be looking to those companies to recycle some of those profits into the fight to take down extreme material.”

Translation: "They make a lot of money, 'extreme' stuff(like the ability to post anonymously) is bad, therefore they should spend some of that money to combat the 'extreme' stuff."

Pretty sure that as profitable as Google and Facebook can be they still have less money to throw about than the UK government, so if anyone should be paying for the development of such broken encryption the UK government should be the one paying the bills(or even better, have the idiots trying to undermine public safety and security via undermining encryption and anonymity foot the bill with their own personal funds).

Re: Re: Re: 'You are allowed to wear a mask only after you put on your name-tag.'

I propose a feasibility study in which we determine if I am able to take a million dollars right now and turn it into a reasonable retirement nest egg. Warning, this study may take many decades to complete.

lolwut

Max Hill QC, the independent reviewer of terrorism legislation, said that it would be a “good solution” to the problem of Islamist and other dangerous material online if postings could only be made by people whose identity was known.

But they already know the identities of many of these extremists. They simply choose to do nothing about it.

Far easier to arrest some squaddies for being members of an obnoxious right-wing group than to deal with actual terrorists.

Re:

Re:

out_of_the_blue doesn't really show up on encryption articles. Surveillance articles, possibly, to whine about the government increasing surveillance. By the government, he really means the NSA. And by the NSA, he really means Google.

You're thinking of MyNameHere/Whatever/horse with no name/Just Sayin'. His gimmick is to be an apologist for adding backdoors and increasing surveillance on the basis of "everybody posts personal things on social media so you should have no problem with the government grabbing all that data, you willingly put it up, you're a pirate and I'm such a model citizen".